We thank all participating teams, apologize for our technical issues and hope everybody still had fun!

Facts

The competition will work in classic attack-defense fashion. Each team will be given a Vulnbox image to host itself and VPN access. You will run exploits against other teams, capture flags and submit them to our server.

The vulnbox decryption password will be released at 2018-06-01 13:00 UTC. The actual competition will start at 14:00 UTC and presumably run for eight hours.

Prizes

Thanks to our sponsors, we can again provide nice prize money:

First place: 512 €

Second place: 256 €

Third place: 128 €

Additionally, for each service the first team to exploit it, submit a valid flag and provide a write-up will win 64 €.

News

Announcement regarding TCP and HTTP connections

Please note that we're intercepting TCP connections to the services of other teams and so you won't get any TCP RST or ICMP unreachable packets. Instead, the connections will get closed (HTTP 503 and/or TCP FIN) after a timeout, or when the other vulnbox is down. Note that when using netcat, you might not notice this immediately as the connection will be in half-open state. If you run into unexplainable TCP or HTTP issues, complain on our IRC channel.

Vulnbox downloads

FAUST proudly presents you the final Vulnboxes for FAUST CTF. The boxes should have the IP 10.66.<team_ID>.2 configured.

On first login, the Vulnbox will ask you for your team ID and configure itself properly. You can log into the box as root with an empty password using any of the following ways: